feature/do_validation_with_json_schema: do json-schema validation when entitlement check success

This commit is contained in:
shuang 2020-11-29 21:28:34 +08:00
parent d436f8ec5d
commit 22ebc67d80
17 changed files with 167 additions and 178 deletions


@ -91,7 +91,7 @@ When naming variables use strict camel case e.g. use myUrl not myURL. This is so
// 1. makes sure the user which attempts to use the endpoint is authorized
(Full(u), callContext) <- authorizedAccess(cc)
// 2. makes sure the user which attempts to use the endpoint is allowed to consume it
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = createProductEntitlementsRequiredText)(bankId.value, u.userId, createProductEntitlements)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = createProductEntitlementsRequiredText)(bankId.value, u.userId, createProductEntitlements, callContext)
// 3. checks the endpoint constraints
(_, callContext) <- NewStyle.function.getBank(bankId, callContext)
failMsg = s"$InvalidJsonFormat The Json body should be the $PostPutProductJsonV310 "
@ -106,7 +106,7 @@ Please note that that checks at an endpoint should be applied only in case an us
failMsg = s"$InvalidJsonFormat The Json body should be the $PostPutProductJsonV310 "
(Full(u), callContext) <- authorizedAccess(cc)
// 2. makes sure the user which attempts to use the endpoint is allowed to consume it
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = createProductEntitlementsRequiredText)(bankId.value, u.userId, createProductEntitlements)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = createProductEntitlementsRequiredText)(bankId.value, u.userId, createProductEntitlements, callContext)
```
the user which cannot consume the endpoint still can check does some bank exist or not at that instance. It's not the issue if banks are public data at the instance but it wouldn't be the only business case all the time.


@ -2,24 +2,26 @@ package code.api.ResourceDocs1_4_0
import java.util.UUID.randomUUID
import code.api.OBPRestHelper
import code.api.builder.OBP_APIBuilder
import code.api.util.{APIUtil, _}
import code.api.cache.Caching
import code.api.util.APIUtil.{hasEntitlement, _}
import code.api.util.APIUtil._
import code.api.util.ApiTag._
import com.openbankproject.commons.util.ApiStandards._
import code.api.util.{APIUtil, _}
import code.api.v1_4_0.{APIMethods140, JSONFactory1_4_0, OBPAPI1_4_0}
import code.api.v2_2_0.{APIMethods220, OBPAPI2_2_0}
import code.api.v3_0_0.OBPAPI3_0_0
import code.api.v3_1_0.OBPAPI3_1_0
import code.api.v4_0_0.{APIMethods400, OBPAPI4_0_0}
import code.api.OBPRestHelper
import code.api.util.ApiRole.{CanReadResourceDoc, canCreateAnyTransactionRequest}
import code.util.Helper.MdcLoggable
import com.openbankproject.commons.model.enums.{ContentParam, LanguageParam}
import com.github.dwickern.macros.NameOf.nameOf
import com.openbankproject.commons.model.ListResult
import com.openbankproject.commons.model.enums.ContentParam.{ALL, DYNAMIC, STATIC}
import com.openbankproject.commons.model.enums.LanguageParam._
import com.openbankproject.commons.model.enums.{ContentParam, LanguageParam}
import com.openbankproject.commons.util.ApiStandards._
import com.openbankproject.commons.util.{ApiVersion, ScannedApiVersion}
import com.tesobe.{CacheKeyFromArguments, CacheKeyOmit}
import com.tesobe.CacheKeyFromArguments
import net.liftweb.common.{Box, Empty, Full}
import net.liftweb.http.{JsonResponse, LiftRules, S}
import net.liftweb.json
@ -27,9 +29,6 @@ import net.liftweb.json.JsonAST.{JField, JString, JValue}
import net.liftweb.json._
import net.liftweb.util.Helpers.tryo
import net.liftweb.util.Props
import com.github.dwickern.macros.NameOf.nameOf
import com.openbankproject.commons.model.ListResult
import com.openbankproject.commons.model.enums.ContentParam.{ALL, DYNAMIC, STATIC}
import scala.collection.immutable.{List, Nil}
@ -42,8 +41,6 @@ import code.api.v2_1_0.{APIMethods210, OBPAPI2_1_0}
import scala.collection.mutable.ArrayBuffer
// So we can include resource docs from future versions
import java.text.SimpleDateFormat
import code.api.util.ErrorMessages._
import code.util.Helper.booleanToBox
@ -399,7 +396,7 @@ trait ResourceDocsAPIMethods extends MdcLoggable with APIMethods220 with APIMeth
_ <- if (resourceDocsRequireRole)//If set resource_docs_requires_role=true, we need check the authentication and the roles
for{
u <- cc.user ?~ UserNotLoggedIn
hasCanReadResourceDocRole <- booleanToBox(hasEntitlement("", u.userId, ApiRole.canReadResourceDoc), UserHasMissingRoles + CanReadResourceDoc)
hasCanReadResourceDocRole <- NewStyle.function.ownEntitlement("", u.userId, ApiRole.canReadResourceDoc, cc.callContext)
} yield{
hasCanReadResourceDocRole
}
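Review bot: The generator `hasCanReadResourceDocRole <- NewStyle.function.ownEntitlement(...)` now binds the `Unit` that `ownEntitlement` returns rather than a Boolean, yet the name still reads as a flag and is yielded as such; `_ <- NewStyle.function.ownEntitlement("", u.userId, ApiRole.canReadResourceDoc, cc.callContext)` with `yield ()` says what is actually checked. Note that `ownEntitlement` also runs the request-payload validation against `cc.callContext`, so this resource-doc lookup is now covered by the schema check whenever a resource document is attached to the context; presumably a no-op for a GET without a body, but that is inferred, not visible here. The enclosing for-comprehension starts and ends outside the hunk.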


@ -572,13 +572,10 @@ $additionalInstructions
(_, callContext) <- NewStyle.function.validateAndCheckIbanNumber(toAccountIban, callContext)
(toAccount, callContext) <- NewStyle.function.getToBankAccountByIban(toAccountIban, callContext)
_ <- Helper.booleanToFuture(InsufficientAuthorisationToCreateTransactionRequest) {
u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)) == true ||
hasEntitlement(fromAccount.bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest) == true
}
_ <- if (u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId))) Future.successful(Full(Unit))
else NewStyle.function.hasEntitlement(fromAccount.bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest, callContext, InsufficientAuthorisationToCreateTransactionRequest)
// Prevent default value for transaction request type (at least).
// Prevent default value for transaction request type (at least).
_ <- Helper.booleanToFuture(s"From Account Currency is ${fromAccount.currency}, but Requested Transaction Currency is: ${transDetailsJson.instructedAmount.currency}") {
transDetailsJson.instructedAmount.currency == fromAccount.currency
}
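Review bot: `Future.successful(Full(Unit))` in the owner-view branch wraps the `scala.Unit` companion object, not the unit value, so the two arms of the `if` no longer share the type `Future[Box[Unit]]` and the generator's type is widened; write `Future.successful(Full(()))`. The same `Full(Unit)` shape appears in the new code of APIMethods200 (account creation, both transaction-request checks, the super-admin branch of entitlement creation) and APIMethods210 (the consumer redirect-URL check). Separately, because `validateRequestPayload` is only reached through `NewStyle.function.hasEntitlement`, a caller holding owner-view access skips the JSON-schema validation of the body entirely while a caller relying on the role gets it; if the schema check is meant to apply to every request, it should run after this `if`/`else` rather than inside one arm. The enclosing for-comprehension starts and ends outside the hunk.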


@ -3441,7 +3441,7 @@ object APIUtil extends MdcLoggable with CustomJsonFormats{
case x => anonymousAccess(x)
}
private val checkRolesFun: PartialFunction[String, (String, List[ApiRole]) => Future[Box[Unit]]] = {
case x => NewStyle.function.hasAtLeastOneEntitlement(x, _, _)
case x => NewStyle.function.hasAtLeastOneEntitlement(x, _, _, None)
}
private val checkBankFun: PartialFunction[BankId, Option[CallContext] => OBPReturnType[Bank]] = {
case x => NewStyle.function.getBank(x, _)
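Review bot: `checkRolesFun` now passes `None` as the call context, so `validateRequestPayload` inside `hasAtLeastOneEntitlement` finds no resource document and the JSON-schema validation added by this commit is silently skipped for every endpoint whose roles are checked through this partial function. If that is intended, a comment such as `// no CallContext is available here, so request-payload validation is not performed on this path` would stop the next reader from assuming the automatic role check also validates the body; if not, the partial function needs to accept the `Option[CallContext]` as a further argument. `object APIUtil` continues outside the hunk.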


@ -7,7 +7,7 @@ import akka.http.scaladsl.model.HttpMethod
import code.DynamicEndpoint.{DynamicEndpointProvider, DynamicEndpointT}
import code.api.APIFailureNewStyle
import code.api.cache.Caching
import code.api.util.APIUtil.{OBPReturnType, canGrantAccessToViewCommon, canRevokeAccessToViewCommon, connectorEmptyResponse, createHttpParamsByUrlFuture, createQueriesByHttpParamsFuture, fullBoxOrException, generateUUID, unboxFull, unboxFullOrFail}
import code.api.util.APIUtil.{EntitlementAndScopeStatus, OBPReturnType, canGrantAccessToViewCommon, canRevokeAccessToViewCommon, connectorEmptyResponse, createHttpParamsByUrlFuture, createQueriesByHttpParamsFuture, fullBoxOrException, generateUUID, unboxFull, unboxFullOrFail}
import code.api.util.ApiRole.canCreateAnyTransactionRequest
import code.api.util.ErrorMessages.{InsufficientAuthorisationToCreateTransactionRequest, _}
import code.api.v1_2_1.OBPAPI1_2_1.Implementations1_2_1
@ -32,7 +32,7 @@ import code.model._
import code.model.dataAccess.{BankAccountRouting, DoubleEntryBookTransaction}
import code.standingorders.StandingOrderTrait
import code.usercustomerlinks.UserCustomerLink
import code.util.Helper
import code.util.{Helper, JsonSchemaUtil}
import com.openbankproject.commons.util.{ApiVersion, JsonUtils}
import code.views.Views
import code.webhook.AccountWebhook
@ -43,7 +43,7 @@ import com.openbankproject.commons.model.enums.StrongCustomerAuthenticationStatu
import com.openbankproject.commons.model.enums._
import com.openbankproject.commons.model.{AccountApplication, Bank, Customer, CustomerAddress, Product, ProductCollection, ProductCollectionItem, TaxResidence, UserAuthContext, UserAuthContextUpdate, _}
import com.tesobe.CacheKeyFromArguments
import net.liftweb.common.{Box, Empty, Full}
import net.liftweb.common.{Box, Empty, Full, ParamFailure}
import net.liftweb.http.provider.HTTPParam
import net.liftweb.json.JsonAST._
import net.liftweb.json.JsonDSL._
@ -379,7 +379,7 @@ object NewStyle {
def checkAuthorisationToCreateTransactionRequest(viewId : ViewId, bankAccountId: BankIdAccountId, user: User, callContext: Option[CallContext]) : Future[Boolean] = {
Future{
code.api.util.APIUtil.hasEntitlement(bankAccountId.bankId.value, user.userId, canCreateAnyTransactionRequest) match {
APIUtil.hasEntitlement(bankAccountId.bankId.value, user.userId, canCreateAnyTransactionRequest) match {
case true => Full(true)
case false => user.hasOwnerViewAccess(BankIdAccountId(bankAccountId.bankId,bankAccountId.accountId)) match {
case true => Full(true)
@ -707,24 +707,62 @@ object NewStyle {
}
}
private def validateRequestPayload[T](callContext: Option[CallContext])(boxResult: Box[T]): Box[T] = {
val validationResult: Option[String] = callContext.flatMap(_.resourceDocument)
.filter(v => v.isNotEndpointAuthCheck) // endpoint not do auth check automatic
.flatMap(v => JsonSchemaUtil.validateRequest(callContext)(v.operationId)) // request payload validation error message
def hasEntitlement(failMsg: String)(bankId: String, userId: String, role: ApiRole): Future[Box[Unit]] = {
Helper.booleanToFuture(failMsg + role.toString()) {
APIUtil.hasEntitlement(bankId, userId, role)
if(boxResult.isEmpty || validationResult.isEmpty) {
boxResult
} else {
val Some(errorMsg) = validationResult
val apiFailure = APIFailureNewStyle(errorMsg, 401, callContext.map(_.toLight))
val failure = ParamFailure(errorMsg, apiFailure)
fullBoxOrException(failure)
}
}
def hasEntitlement(bankId: String, userId: String, role: ApiRole, callContext: Option[CallContext] = None): Future[Box[Unit]] = {
hasEntitlement(UserHasMissingRoles)(bankId, userId, role)
def hasEntitlement(bankId: String, userId: String, role: ApiRole, callContext: Option[CallContext], errorMsg: String = ""): Future[Box[Unit]] = {
val errorInfo = if(StringUtils.isBlank(errorMsg)) UserHasMissingRoles + role.toString()
else errorMsg
Helper.booleanToFuture(errorInfo) {
APIUtil.hasEntitlement(bankId, userId, role)
} map validateRequestPayload(callContext)
}
// scala not allow overload method both have default parameter, so this method name is just in order avoid the same name with hasEntitlement
def ownEntitlement(bankId: String, userId: String, role: ApiRole,callContext: Option[CallContext], errorMsg: String = ""): Box[Unit] = {
val errorInfo = if(StringUtils.isBlank(errorMsg)) UserHasMissingRoles + role.toString()
else errorMsg
val boxResult = Helper.booleanToBox(APIUtil.hasEntitlement(bankId, userId, role), errorInfo)
validateRequestPayload(callContext)(boxResult)
}
def hasAtLeastOneEntitlement(failMsg: => String)(bankId: String, userId: String, roles: List[ApiRole]): Future[Box[Unit]] =
def hasAtLeastOneEntitlement(failMsg: => String)(bankId: String, userId: String, roles: List[ApiRole], callContext: Option[CallContext]): Future[Box[Unit]] =
Helper.booleanToFuture(failMsg) {
APIUtil.hasAtLeastOneEntitlement(bankId, userId, roles)
}
} map validateRequestPayload(callContext)
def hasAtLeastOneEntitlement(bankId: String, userId: String, roles: List[ApiRole]): Future[Box[Unit]] =
hasAtLeastOneEntitlement(UserHasMissingRoles + roles.mkString(" or "))(bankId, userId, roles)
def hasAtLeastOneEntitlement(bankId: String, userId: String, roles: List[ApiRole], callContext: Option[CallContext]): Future[Box[Unit]] =
hasAtLeastOneEntitlement(UserHasMissingRoles + roles.mkString(" or "))(bankId, userId, roles, callContext)
def hasAllEntitlements(bankId: String, userId: String, roles: List[ApiRole], callContext: Option[CallContext]): Box[Unit] = {
val boxResult = Helper.booleanToBox(APIUtil.hasAllEntitlements(bankId, userId, roles), s"$UserHasMissingRoles${roles.mkString(" and ")} entitlements are required.")
validateRequestPayload(callContext)(boxResult)
}
def hasAllEntitlements(bankId: String, userId: String, specificBankRoles: List[ApiRole], anyBankRoles: List[ApiRole], callContext: Option[CallContext]): Box[Unit] = {
val errorMsg = UserHasMissingRoles + specificBankRoles.mkString(" and ") + " OR " + anyBankRoles.mkString(" and ") + " entitlements are required."
val boxResult = Helper.booleanToBox(
APIUtil.hasAllEntitlements(bankId, userId, specificBankRoles) || APIUtil.hasAllEntitlements("", userId, anyBankRoles),
errorMsg)
validateRequestPayload(callContext)(boxResult)
}
def hasEntitlementAndScope(bankId: String, userId: String, consumerId: String, role: ApiRole, callContext: Option[CallContext]): Box[EntitlementAndScopeStatus] = {
val boxResult = APIUtil.hasEntitlementAndScope(bankId, userId, consumerId, role)
validateRequestPayload(callContext)(boxResult)
}
def createUserAuthContext(userId: String, key: String, value: String, callContext: Option[CallContext]): OBPReturnType[UserAuthContext] = {
Connector.connector.vend.createUserAuthContext(userId, key, value, callContext) map {
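Review bot: `validateRequestPayload` reports a schema failure with status 401, but at that point the entitlement check has already passed and what failed is the request body, which is a 400 Bad Request; a 401 tells clients to re-authenticate and will be counted as an authentication failure by anything that monitors those responses. Unless the project deliberately maps validation errors to 401, change it to `val apiFailure = APIFailureNewStyle(errorMsg, 400, callContext.map(_.toLight))`. The comment on `ownEntitlement` would be clearer as `// Scala does not allow two overloads to both declare default parameters, so this synchronous variant gets its own name instead of overloading hasEntitlement`, and the filter comment as `// only validate when the endpoint does not perform its auth check automatically (presumed meaning of isNotEndpointAuthCheck)`. `object NewStyle` continues outside the hunk.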


@ -650,8 +650,7 @@ trait APIMethods140 extends MdcLoggable with APIMethods130 with APIMethods121{
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! {ErrorMessages.BankNotFound}
postedData <- tryo{json.extract[CreateCustomerJson]} ?~! ErrorMessages.InvalidJsonFormat
requiredEntitlements = ApiRole.canCreateCustomer :: ApiRole.canCreateUserCustomerLink :: Nil
requiredEntitlementsTxt = requiredEntitlements.mkString(" and ")
_ <- booleanToBox(hasAllEntitlements(bankId.value, u.userId, requiredEntitlements), s"$requiredEntitlementsTxt entitlements required")
_ <- NewStyle.function.hasAllEntitlements(bankId.value, u.userId, requiredEntitlements, callContext)
_ <- tryo(assert(CustomerX.customerProvider.vend.checkCustomerNumberAvailable(bankId, postedData.customer_number) == true)) ?~! ErrorMessages.CustomerNumberAlreadyExists
user_id <- tryo{if (postedData.user_id.nonEmpty) postedData.user_id else u.userId} ?~ s"Problem getting user_id"
_ <- UserX.findByUserId(user_id) ?~! ErrorMessages.UserNotFoundById
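Review bot: `requiredEntitlementsTxt = requiredEntitlements.mkString(" and ")` is now dead, since the replaced generator no longer references it and the message comes from `hasAllEntitlements` instead; drop that line. The same leftover is in APIMethods200, where `requiredEntitlementsTxt` is kept while the `booleanToBox` that used it was replaced. The error text also changes from "... entitlements required" to the `UserHasMissingRoles` form built inside `hasAllEntitlements`; presumably intended, but any test asserting the old wording will need updating. The enclosing for-comprehension starts and ends outside the hunk.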


@ -590,7 +590,7 @@ trait APIMethods200 {
for {
u <- cc.user ?~! ErrorMessages.UserNotLoggedIn
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound
_ <- booleanToBox(hasEntitlement(bank.bankId.value, u.userId, canGetSocialMediaHandles), UserHasMissingRoles + CanGetSocialMediaHandles)
_ <- NewStyle.function.ownEntitlement(bank.bankId.value, u.userId, canGetSocialMediaHandles, cc.callContext)
customer <- CustomerX.customerProvider.vend.getCustomerByCustomerId(customerId) ?~! ErrorMessages.CustomerNotFoundByCustomerId
} yield {
val kycSocialMedias = SocialMediaHandle.socialMediaHandleProvider.vend.getSocialMedias(customer.number)
@ -827,7 +827,7 @@ trait APIMethods200 {
postedData <- tryo{json.extract[SocialMediaJSON]} ?~! ErrorMessages.InvalidJsonFormat
_ <- tryo(assert(isValidID(bankId.value)))?~! ErrorMessages.InvalidBankIdFormat
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound
_ <- booleanToBox(hasEntitlement(bank.bankId.value, u.userId, canAddSocialMediaHandle), UserHasMissingRoles + CanAddSocialMediaHandle)
_ <- NewStyle.function.ownEntitlement(bank.bankId.value, u.userId, canAddSocialMediaHandle, cc.callContext)
_ <- CustomerX.customerProvider.vend.getCustomerByCustomerId(customerId) ?~! ErrorMessages.CustomerNotFoundByCustomerId
_ <- booleanToBox(
SocialMediaHandle.socialMediaHandleProvider.vend.addSocialMedias(
@ -1113,7 +1113,9 @@ trait APIMethods200 {
postedOrLoggedInUser <- UserX.findByUserId(user_id) ?~! ErrorMessages.UserNotFoundById
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! s"Bank $bankId not found"
// User can create account for self or an account for another user if they have CanCreateAccount role
_ <- booleanToBox(hasEntitlement(bankId.value, loggedInUser.userId, canCreateAccount) == true || (user_id == loggedInUser.userId) , s"User must either create account for self or have role $CanCreateAccount")
_ <- if (user_id == loggedInUser.userId) Full(Unit)
else NewStyle.function.ownEntitlement(bankId.value, loggedInUser.userId, canCreateAccount, callContext, s"User must either create account for self or have role $CanCreateAccount")
initialBalanceAsString <- tryo (jsonBody.balance.amount) ?~! ErrorMessages.InvalidAccountBalanceAmount
accountType <- tryo(jsonBody.`type`) ?~! ErrorMessages.InvalidAccountType
accountLabel <- tryo(jsonBody.`type`) //?~! ErrorMessages.InvalidAccountLabel // TODO looks strange.
@ -1282,7 +1284,7 @@ trait APIMethods200 {
case Full(_) =>
booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)) == true)
case _ =>
booleanToBox(hasEntitlement(fromAccount.bankId.value, u.userId, canCreateAnyTransactionRequest) == true, InsufficientAuthorisationToCreateTransactionRequest)
NewStyle.function.ownEntitlement(fromAccount.bankId.value, u.userId, canCreateAnyTransactionRequest, cc.callContext, InsufficientAuthorisationToCreateTransactionRequest)
}
toBankId <- tryo(BankId(transBodyJson.to.bank_id))
toAccountId <- tryo(AccountId(transBodyJson.to.account_id))
@ -1347,8 +1349,8 @@ trait APIMethods200 {
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! BankNotFound
fromAccount <- BankAccountX(bankId, accountId) ?~! AccountNotFound
view <-APIUtil.checkViewAccessAndReturnView(viewId, BankIdAccountId(fromAccount.bankId, fromAccount.accountId), Some(u))
_ <- booleanToBox(u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId)) == true || hasEntitlement(fromAccount.bankId.value, u.userId, canCreateAnyTransactionRequest) == true, InsufficientAuthorisationToCreateTransactionRequest)
_ <- if (u.hasOwnerViewAccess(BankIdAccountId(fromAccount.bankId,fromAccount.accountId))) Full(Unit)
else NewStyle.function.ownEntitlement(fromAccount.bankId.value, u.userId, canCreateAnyTransactionRequest, cc.callContext, InsufficientAuthorisationToCreateTransactionRequest)
// Note: These checks are not in the ideal order. See version 2.1.0 which supercedes this
answerJson <- tryo{json.extract[ChallengeAnswerJSON]} ?~! InvalidJsonFormat
@ -1735,7 +1737,7 @@ trait APIMethods200 {
canCreateUserCustomerLink ::
Nil
requiredEntitlementsTxt = requiredEntitlements.mkString(" and ")
_ <- booleanToBox(hasAllEntitlements(bankId.value, u.userId, requiredEntitlements), UserHasMissingRoles + requiredEntitlementsTxt)
_ <- NewStyle.function.hasAllEntitlements(bankId.value, u.userId, requiredEntitlements, callContext)
_ <- tryo(assert(CustomerX.customerProvider.vend.checkCustomerNumberAvailable(bankId, postedData.customer_number) == true)) ?~! ErrorMessages.CustomerNumberAlreadyExists
user_id <- tryo (if (postedData.user_id.nonEmpty) postedData.user_id else u.userId) ?~! s"Problem getting user_id"
_ <- UserX.findByUserId(user_id) ?~! ErrorMessages.UserNotFoundById
@ -1827,8 +1829,8 @@ trait APIMethods200 {
cc =>
for {
l <- cc.user ?~! ErrorMessages.UserNotLoggedIn
_ <- booleanToBox(hasEntitlement("", l.userId, ApiRole.canGetAnyUser), UserHasMissingRoles + CanGetAnyUser )
// Workaround to get userEmail address directly from URI without needing to URL-encode it
_ <- NewStyle.function.ownEntitlement("", l.userId, ApiRole.canGetAnyUser, cc.callContext)
// Workaround to get userEmail address directly from URI without needing to URL-encode it
users <- tryo{AuthUser.getResourceUsersByEmail(CurrentReq.value.uri.split("/").last)} ?~! {ErrorMessages.UserNotFoundByEmail}
}
yield {
@ -1890,9 +1892,8 @@ trait APIMethods200 {
user <- UserX.findByUserId(postedData.user_id) ?~! ErrorMessages.UserNotFoundById
_ <- booleanToBox(postedData.customer_id.nonEmpty) ?~! "Field customer_id is not defined in the posted json!"
(customer, callContext) <- Connector.connector.vend.getCustomerByCustomerIdLegacy(postedData.customer_id, callContext) ?~! ErrorMessages.CustomerNotFoundByCustomerId
_ <- booleanToBox(hasAllEntitlements(bankId.value, u.userId, createUserCustomerLinksEntitlementsRequiredForSpecificBank) ||
hasAllEntitlements("", u.userId, createUserCustomerLinksEntitlementsRequiredForAnyBank),
s"$createUserCustomerLinksrequiredEntitlementsText")
_ <- NewStyle.function.hasAllEntitlements(bankId.value, u.userId, createUserCustomerLinksEntitlementsRequiredForSpecificBank,
createUserCustomerLinksEntitlementsRequiredForAnyBank, callContext)
_ <- booleanToBox(customer.bankId == bank.bankId.value, s"Bank of the customer specified by the CUSTOMER_ID(${customer.bankId}) has to matches BANK_ID(${bank.bankId.value}) in URL")
_ <- booleanToBox(UserCustomerLink.userCustomerLink.vend.getUserCustomerLink(postedData.user_id, postedData.customer_id).isEmpty == true) ?~! CustomerAlreadyExistsForUser
userCustomerLink <- UserCustomerLink.userCustomerLink.vend.createUserCustomerLink(postedData.user_id, postedData.customer_id, new Date(), true) ?~! CreateUserCustomerLinksError
@ -1959,8 +1960,7 @@ trait APIMethods200 {
allowedEntitlements = canCreateEntitlementAtOneBank :: canCreateEntitlementAtAnyBank :: Nil
allowedEntitlementsTxt = UserNotSuperAdmin +" or" + UserHasMissingRoles + canCreateEntitlementAtOneBank + s" BankId(${postedData.bank_id})." + " or" + UserHasMissingRoles + canCreateEntitlementAtAnyBank
_ <- if(isSuperAdmin(u.userId)) Future.successful(Full(Unit))
else NewStyle.function.hasAtLeastOneEntitlement(allowedEntitlementsTxt)(postedData.bank_id, u.userId, allowedEntitlements)
else NewStyle.function.hasAtLeastOneEntitlement(allowedEntitlementsTxt)(postedData.bank_id, u.userId, allowedEntitlements, callContext)
_ <- Helper.booleanToFuture(failMsg = BankNotFound) {
postedData.bank_id.nonEmpty == false || BankX(BankId(postedData.bank_id), callContext).map(_._1).isEmpty == false
@ -2000,8 +2000,8 @@ trait APIMethods200 {
cc =>
for {
u <- cc.user ?~ ErrorMessages.UserNotLoggedIn
_ <- booleanToBox(hasEntitlement("", u.userId, canGetEntitlementsForAnyUserAtAnyBank), UserHasMissingRoles + CanGetEntitlementsForAnyUserAtAnyBank )
entitlements <- Entitlement.entitlement.vend.getEntitlementsByUserId(userId)
_ <- NewStyle.function.ownEntitlement("", u.userId, canGetEntitlementsForAnyUserAtAnyBank, cc.callContext)
entitlements <- Entitlement.entitlement.vend.getEntitlementsByUserId(userId)
}
yield {
var json = EntitlementJSONs(Nil)
@ -2044,10 +2044,9 @@ trait APIMethods200 {
cc =>
for {
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- Helper.booleanToFuture(s"$UserHasMissingRoles $canDeleteEntitlementAtAnyBank") {
hasEntitlement("", u.userId, canDeleteEntitlementAtAnyBank)
}
entitlement <- Future(Entitlement.entitlement.vend.getEntitlementById(entitlementId)) map {
_ <- NewStyle.function.hasEntitlement("", u.userId, canDeleteEntitlementAtAnyBank, cc.callContext)
entitlement <- Future(Entitlement.entitlement.vend.getEntitlementById(entitlementId)) map {
x => fullBoxOrException(x ~> APIFailureNewStyle(EntitlementNotFound, 404, callContext.map(_.toLight)))
} map { unboxFull(_) }
_ <- Helper.booleanToFuture(UserDoesNotHaveEntitlement) { entitlement.userId == userId }
@ -2083,10 +2082,9 @@ trait APIMethods200 {
cc =>
for {
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- Helper.booleanToFuture(failMsg = UserHasMissingRoles + CanGetEntitlementsForAnyUserAtAnyBank) {
hasEntitlement("", u.userId, canGetEntitlementsForAnyUserAtAnyBank)
}
entitlements <- Entitlement.entitlement.vend.getEntitlementsFuture() map {
_ <- NewStyle.function.hasEntitlement("", u.userId, canGetEntitlementsForAnyUserAtAnyBank,callContext)
entitlements <- Entitlement.entitlement.vend.getEntitlementsFuture() map {
connectorEmptyResponse(_, callContext)
}
} yield {
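Review bot: The entitlement-deletion hunk passes `cc.callContext` to `NewStyle.function.hasEntitlement` although the for-comprehension bound `callContext` from `authenticatedAccess(cc)` two lines earlier, whereas the entitlements-listing hunk and APIMethods210 pass the bound `callContext`; if `authenticatedAccess` enriches the context (it is returned as a new value, so presumably it may), the payload validation here runs against a stale one. Use `NewStyle.function.hasEntitlement("", u.userId, canDeleteEntitlementAtAnyBank, callContext)`. The same mismatch is in APIMethods210's create-branch check, which passes `cc.callContext` while `callContext` from `BankX(bankId, Some(cc))` is in scope. These for-comprehensions start and end outside their hunks.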


@ -114,7 +114,7 @@ trait APIMethods210 {
u <- cc.user ?~! UserNotLoggedIn
allowDataImportProp <- APIUtil.getPropsValue("allow_sandbox_data_import") ~> APIFailure(DataImportDisabled, 403)
_ <- Helper.booleanToBox(allowDataImportProp == "true") ~> APIFailure(DataImportDisabled, 403)
_ <- booleanToBox(hasEntitlement("", u.userId, canCreateSandbox), s"$UserHasMissingRoles $CanCreateSandbox")
_ <- NewStyle.function.ownEntitlement("", u.userId, canCreateSandbox, cc.callContext)
_ <- OBPDataImport.importer.vend.importData(importData)
} yield {
successJsonResponse(Extraction.decompose(successMessage), 201)
@ -796,7 +796,7 @@ trait APIMethods210 {
canGetEntitlementsForAnyUserAtAnyBank::
Nil
allowedEntitlementsTxt = UserHasMissingRoles + allowedEntitlements.mkString(" or ")
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = allowedEntitlementsTxt)(bankId.value, loggedInUser.userId, allowedEntitlements)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = allowedEntitlementsTxt)(bankId.value, loggedInUser.userId, allowedEntitlements, callContext)
entitlements <- NewStyle.function.getEntitlementsByUserId(userId, callContext)
}
yield {
@ -842,7 +842,8 @@ trait APIMethods210 {
cc =>
for {
u <- cc.user ?~! UserNotLoggedIn
_ <- booleanToBox(hasEntitlement("", u.userId, ApiRole.canGetConsumers), UserHasMissingRoles + CanGetConsumers)
_ <- NewStyle.function.ownEntitlement("", u.userId, ApiRole.canGetConsumers, cc.callContext)
consumerIdToLong <- tryo{consumerId.toLong} ?~! InvalidConsumerId
consumer <- Consumers.consumers.vend.getConsumerByPrimaryId(consumerIdToLong)
} yield {
@ -879,7 +880,7 @@ trait APIMethods210 {
cc =>
for {
u <- cc.user ?~! UserNotLoggedIn
_ <- booleanToBox(hasEntitlement("", u.userId, ApiRole.canGetConsumers), UserHasMissingRoles + CanGetConsumers )
_ <- NewStyle.function.ownEntitlement("", u.userId, ApiRole.canGetConsumers, cc.callContext)
consumers <- Some(Consumer.findAll())
} yield {
// Format the data as json
@ -918,8 +919,8 @@ trait APIMethods210 {
u <- cc.user ?~! UserNotLoggedIn
putData <- tryo{json.extract[PutEnabledJSON]} ?~! InvalidJsonFormat
_ <- putData.enabled match {
case true => booleanToBox(hasEntitlement("", u.userId, ApiRole.canEnableConsumers), UserHasMissingRoles + CanEnableConsumers )
case false => booleanToBox(hasEntitlement("", u.userId, ApiRole.canDisableConsumers),UserHasMissingRoles + CanDisableConsumers )
case true => NewStyle.function.ownEntitlement("", u.userId, ApiRole.canEnableConsumers, cc.callContext)
case false => NewStyle.function.ownEntitlement("", u.userId, ApiRole.canDisableConsumers, cc.callContext)
}
consumer <- Consumers.consumers.vend.getConsumerByPrimaryId(consumerId.toLong)
updatedConsumer <- Consumers.consumers.vend.updateConsumer(consumer.id.get, None, None, Some(putData.enabled), None, None, None, None, None, None) ?~! "Cannot update Consumer"
@ -1044,9 +1045,7 @@ trait APIMethods210 {
cc =>
for {
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- Helper.booleanToFuture(failMsg = UserHasMissingRoles + CanGetAnyUser) {
hasEntitlement("", u.userId, ApiRole.canGetAnyUser)
}
_ <- NewStyle.function.hasEntitlement("", u.userId, ApiRole.canGetAnyUser, callContext)
queryParams <- unboxFullAndWrapIntoFuture{ createQueriesByHttpParams(callContext.get.requestHeaders) }
users <- Users.users.vend.getAllUsersF(queryParams)
} yield {
@ -1097,7 +1096,7 @@ trait APIMethods210 {
u <- cc.user ?~! UserNotLoggedIn
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound
postedData <- tryo {json.extract[TransactionTypeJsonV200]} ?~! InvalidJsonFormat
_ <- booleanToBox(hasEntitlement(bank.bankId.value, u.userId, canCreateTransactionType) == true,InsufficientAuthorisationToCreateTransactionType)
_ <- NewStyle.function.ownEntitlement(bank.bankId.value, u.userId, canCreateTransactionType, callContext, InsufficientAuthorisationToCreateTransactionType)
returnTranscationType <- TransactionType.TransactionTypeProvider.vend.createOrUpdateTransactionType(postedData)
} yield {
successJsonResponse(Extraction.decompose(returnTranscationType))
@ -1354,11 +1353,7 @@ trait APIMethods210 {
_ <- tryo(assert(isValidID(bankId.value)))?~! InvalidBankIdFormat
(bank, callContext ) <- BankX(bankId, Some(cc)) ?~! {BankNotFound}
postedData <- tryo{json.extract[PostCustomerJsonV210]} ?~! InvalidJsonFormat
_ <- booleanToBox(
hasAllEntitlements(bankId.value, u.userId, createCustomerEntitlementsRequiredForSpecificBank)
||
hasAllEntitlements("", u.userId, createCustomerEntitlementsRequiredForAnyBank),
s"$UserHasMissingRoles$createCustomeEntitlementsRequiredText")
_ <- NewStyle.function.hasAllEntitlements(bankId.value, u.userId, createCustomerEntitlementsRequiredForSpecificBank, createCustomerEntitlementsRequiredForAnyBank, callContext)
_ <- tryo(assert(CustomerX.customerProvider.vend.checkCustomerNumberAvailable(bankId, postedData.customer_number) == true)) ?~! CustomerNumberAlreadyExists
user_id <- tryo (if (postedData.user_id.nonEmpty) postedData.user_id else u.userId) ?~! s"Problem getting user_id"
customer_user <- UserX.findByUserId(user_id) ?~! UserNotFoundById
@ -1499,7 +1494,7 @@ trait APIMethods210 {
u <- cc.user ?~ UserNotLoggedIn
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! {BankNotFound}
branchJsonPutV210 <- tryo {json.extract[BranchJsonPutV210]} ?~! InvalidJsonFormat
_ <- booleanToBox(hasEntitlement(bank.bankId.value, u.userId, canUpdateBranch) == true, s"$UserHasMissingRoles $canUpdateBranch")
_ <- NewStyle.function.ownEntitlement(bank.bankId.value, u.userId, canUpdateBranch, callContext)
//package the BranchJsonPut to toBranchJsonPost, to call the createOrUpdateBranch method
// branchPost <- toBranchJsonPost(branchId, branchJsonPutV210)
@ -1541,7 +1536,7 @@ trait APIMethods210 {
u <- cc.user ?~ UserNotLoggedIn
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! {BankNotFound}
branchJsonPostV210 <- tryo {json.extract[BranchJsonPostV210]} ?~! InvalidJsonFormat
_ <- booleanToBox(hasEntitlement(bank.bankId.value, u.userId, canCreateBranch) == true, InsufficientAuthorisationToCreateBranch)
_ <- NewStyle.function.ownEntitlement(bank.bankId.value, u.userId, canCreateBranch, cc.callContext, InsufficientAuthorisationToCreateBranch)
branch <- transformToBranch(branchJsonPostV210)
success <- Connector.connector.vend.createOrUpdateBranch(branch)
} yield {
@ -1581,11 +1576,10 @@ trait APIMethods210 {
cc =>
for {
u <- cc.user ?~ UserNotLoggedIn
_ <- booleanToBox(
hasEntitlement("", u.userId, ApiRole.canUpdateConsumerRedirectUrl) || APIUtil.getPropsAsBoolValue("consumers_enabled_by_default", false),
UserHasMissingRoles + CanUpdateConsumerRedirectUrl
)
postJson <- tryo {json.extract[ConsumerRedirectUrlJSON]} ?~! InvalidJsonFormat
_ <- if(APIUtil.getPropsAsBoolValue("consumers_enabled_by_default", false)) Full(Unit)
else NewStyle.function.ownEntitlement("", u.userId, ApiRole.canUpdateConsumerRedirectUrl, cc.callContext)
postJson <- tryo {json.extract[ConsumerRedirectUrlJSON]} ?~! InvalidJsonFormat
consumerIdToLong <- tryo{consumerId.toLong} ?~! InvalidConsumerId
consumer <- Consumers.consumers.vend.getConsumerByPrimaryId(consumerIdToLong) ?~! {ConsumerNotFoundByConsumerId}
//only the developer that created the Consumer should be able to edit it


@ -4,7 +4,7 @@ import java.util.Date
import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON._
import code.api.util.APIUtil._
import code.api.util.ApiRole._
import code.api.util.ApiRole.{canCreateBranch, _}
import code.api.util.ApiTag._
import code.api.util.ErrorMessages.{BankAccountNotFound, _}
import code.api.util.NewStyle.HttpCode
@ -443,7 +443,7 @@ trait APIMethods220 {
bank.id.length > 5,s"$InvalidJsonFormat Min length of BANK_ID should be 5 characters.")
u <- cc.user ?~!ErrorMessages.UserNotLoggedIn
consumer <- cc.consumer ?~! ErrorMessages.InvalidConsumerCredentials
_ <- hasEntitlementAndScope("", u.userId, consumer.id.get.toString, canCreateBank)
_ <- NewStyle.function.hasEntitlementAndScope("", u.userId, consumer.id.get.toString, canCreateBank, cc.callContext)
success <- Connector.connector.vend.createOrUpdateBank(
bank.id,
bank.full_name,
@ -467,8 +467,6 @@ trait APIMethods220 {
// Create Branch
val createBranchEntitlementsRequiredForSpecificBank = CanCreateBranch :: Nil
val createBranchEntitlementsRequiredForAnyBank = CanCreateBranchAtAnyBank :: Nil
val createBranchEntitlementsRequiredText = UserHasMissingRoles + createBranchEntitlementsRequiredForSpecificBank.mkString(" and ") + " entitlements are required OR " + createBranchEntitlementsRequiredForAnyBank.mkString(" and ")
// TODO Put the RequiredEntitlements and AlternativeRequiredEntitlements in the Resource Doc and use that in the Partial Function?
@ -502,10 +500,8 @@ trait APIMethods220 {
for {
u <- cc.user ?~!ErrorMessages.UserNotLoggedIn
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound
canCreateBranch <- booleanToBox(hasEntitlement(bank.bankId.value, u.userId, canCreateBranch) == true
||
hasEntitlement("", u.userId, canCreateBranchAtAnyBank)
, createBranchEntitlementsRequiredText)
canCreateBranch <- NewStyle.function.hasAllEntitlements(bank.bankId.value, u.userId, canCreateBranch::Nil, canCreateBranchAtAnyBank::Nil, callContext)
branchJsonV220 <- tryo {json.extract[BranchJsonV220]} ?~! ErrorMessages.InvalidJsonFormat
branch <- transformV220ToBranch(branchJsonV220)
success <- Connector.connector.vend.createOrUpdateBranch(branch)
@ -520,8 +516,6 @@ trait APIMethods220 {
val createAtmEntitlementsRequiredForSpecificBank = canCreateAtm :: Nil
val createAtmEntitlementsRequiredForAnyBank = canCreateAtmAtAnyBank :: Nil
val createAtmEntitlementsRequiredText = UserHasMissingRoles + createAtmEntitlementsRequiredForSpecificBank.mkString(" and ") + " OR " + createAtmEntitlementsRequiredForAnyBank.mkString(" and ")
resourceDocs += ResourceDoc(
createAtm,
implementedInApiVersion,
@ -531,7 +525,7 @@ trait APIMethods220 {
"Create ATM",
s"""Create ATM for the Bank.
|
|${authenticationRequiredMessage(true) }
|${authenticationRequiredMessage(true) }
|
|""",
atmJsonV220,
@ -554,10 +548,7 @@ trait APIMethods220 {
for {
u <- cc.user ?~!ErrorMessages.UserNotLoggedIn
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound
canCreateAtm <- booleanToBox(hasAllEntitlements(bank.bankId.value, u.userId, createAtmEntitlementsRequiredForSpecificBank) == true
||
hasAllEntitlements("", u.userId, createAtmEntitlementsRequiredForAnyBank),
createAtmEntitlementsRequiredText)
_ <- NewStyle.function.hasAllEntitlements(bank.bankId.value, u.userId, createAtmEntitlementsRequiredForSpecificBank, createAtmEntitlementsRequiredForAnyBank, callContext)
atmJson <- tryo {json.extract[AtmJsonV220]} ?~! ErrorMessages.InvalidJsonFormat
atm <- JSONFactory220.transformToAtmFromV220(atmJson) ?~! {ErrorMessages.CouldNotTransformJsonToInternalModel + " Atm"}
success <- Connector.connector.vend.createOrUpdateAtm(atm)
@ -573,8 +564,6 @@ trait APIMethods220 {
val createProductEntitlementsRequiredForSpecificBank = canCreateProduct :: Nil
val createProductEntitlementsRequiredForAnyBank = canCreateProductAtAnyBank :: Nil
val createProductEntitlementsRequiredText = UserHasMissingRoles + createProductEntitlementsRequiredForSpecificBank.mkString(" and ") + " OR " + createProductEntitlementsRequiredForAnyBank.mkString(" and ")
resourceDocs += ResourceDoc(
createProduct,
implementedInApiVersion,
@ -607,11 +596,8 @@ trait APIMethods220 {
for {
u <- cc.user ?~!ErrorMessages.UserNotLoggedIn
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound
_ <- booleanToBox(hasAllEntitlements(bank.bankId.value, u.userId, createProductEntitlementsRequiredForSpecificBank) == true
||
hasAllEntitlements("", u.userId, createProductEntitlementsRequiredForAnyBank),
createProductEntitlementsRequiredText)
product <- tryo {json.extract[ProductJsonV220]} ?~! ErrorMessages.InvalidJsonFormat
_ <- NewStyle.function.hasAllEntitlements(bank.bankId.value, u.userId, createProductEntitlementsRequiredForSpecificBank, createProductEntitlementsRequiredForAnyBank, callContext)
product <- tryo {json.extract[ProductJsonV220]} ?~! ErrorMessages.InvalidJsonFormat
success <- Connector.connector.vend.createOrUpdateProduct(
bankId = product.bank_id,
code = product.code,
@ -638,8 +624,6 @@ trait APIMethods220 {
val createFxEntitlementsRequiredForSpecificBank = canCreateFxRate :: Nil
val createFxEntitlementsRequiredForAnyBank = canCreateFxRateAtAnyBank :: Nil
val createFxEntitlementsRequiredText = UserHasMissingRoles + createFxEntitlementsRequiredForSpecificBank.mkString(" and ") + " OR " + createFxEntitlementsRequiredForAnyBank.mkString(" and ")
resourceDocs += ResourceDoc(
createFx,
implementedInApiVersion,
@ -684,11 +668,8 @@ trait APIMethods220 {
for {
u <- cc.user ?~!ErrorMessages.UserNotLoggedIn
(bank, callContext) <- BankX(bankId, Some(cc)) ?~! BankNotFound
canCreateFx <- booleanToBox(hasAllEntitlements(bank.bankId.value, u.userId, createFxEntitlementsRequiredForSpecificBank) == true
||
hasAllEntitlements("", u.userId, createFxEntitlementsRequiredForAnyBank),
createFxEntitlementsRequiredText)
fx <- tryo {json.extract[FXRateJsonV220]} ?~! ErrorMessages.InvalidJsonFormat
_ <- NewStyle.function.hasAllEntitlements(bank.bankId.value, u.userId, createFxEntitlementsRequiredForSpecificBank, createFxEntitlementsRequiredForAnyBank, callContext)
fx <- tryo {json.extract[FXRateJsonV220]} ?~! ErrorMessages.InvalidJsonFormat
success <- Connector.connector.vend.createOrUpdateFXRate(
bankId = fx.bank_id,
fromCurrencyCode = fx.from_currency_code,
@ -776,9 +757,9 @@ trait APIMethods220 {
isValidID(accountId.value)
}
_ <- Helper.booleanToFuture(s"${UserHasMissingRoles} $canCreateAccount or create account for self") {
hasEntitlement(bankId.value, loggedInUserId, canCreateAccount) || userIdAccountOwner == loggedInUserId
}
_ <- if(userIdAccountOwner == loggedInUserId) Future.successful(Full(Unit))
else NewStyle.function.hasEntitlement(bankId.value, loggedInUserId, canCreateAccount, callContext, s"${UserHasMissingRoles} $canCreateAccount or create account for self")
initialBalanceAsString = createAccountJson.balance.amount
accountType = createAccountJson.`type`
accountLabel = createAccountJson.label
@ -970,8 +951,8 @@ trait APIMethods220 {
cc =>
for {
u <- cc.user ?~! UserNotLoggedIn
_ <- booleanToBox(hasEntitlement("", u.userId, ApiRole.canCreateConsumer), UserHasMissingRoles + CanCreateConsumer )
postedJson <- tryo {json.extract[ConsumerPostJSON]} ?~! InvalidJsonFormat
_ <- NewStyle.function.ownEntitlement("", u.userId, ApiRole.canCreateConsumer, cc.callContext)
postedJson <- tryo {json.extract[ConsumerPostJSON]} ?~! InvalidJsonFormat
consumer <- Consumers.consumers.vend.createConsumer(Some(generateUUID()),
Some(generateUUID()),
Some(postedJson.enabled),
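Review bot: `Future.successful(Full(Unit))` in the createAccount hunk wraps the `scala.Unit` companion object, not the unit value, so that branch is `Future[Box[Unit.type]]` and only unifies with the `hasEntitlement` branch by type widening; it compiles because the result is discarded with `_ <-`, but `Future.successful(Full(()))` says what is meant. The same spelling recurs in the 310 and 400 sections (the two createAccount hunks, the settlement-account hunk and the transaction-request hunk) and in `Full(Unit)` of the redirect-url hunk above. Separately, the createBranch hunk binds the check result to `canCreateBranch`, shadowing the role of that name for the rest of the comprehension, while the sibling createAtm/createProduct/createFx hunks bind `_`; `_ <- NewStyle.function.hasAllEntitlements(bank.bankId.value, u.userId, canCreateBranch::Nil, canCreateBranchAtAnyBank::Nil, callContext)` keeps them consistent. The enclosing for-comprehensions continue outside the hunks.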


@ -1029,8 +1029,6 @@ trait APIMethods300 {
// Create Branch
val createBranchEntitlementsRequiredForSpecificBank = CanCreateBranch :: Nil
val createBranchEntitlementsRequiredForAnyBank = CanCreateBranchAtAnyBank :: Nil
val createBranchEntitlementsRequiredText = UserHasMissingRoles + createBranchEntitlementsRequiredForSpecificBank.mkString(" and ") + " entitlements are required OR " + createBranchEntitlementsRequiredForAnyBank.mkString(" and ")
// TODO Put the RequiredEntitlements and AlternativeRequiredEntitlements in the Resource Doc and use that in the Partial Function?
@ -1064,12 +1062,7 @@ trait APIMethods300 {
for {
u <- cc.user ?~!ErrorMessages.UserNotLoggedIn
(bank, _) <- BankX(bankId, Some(cc)) ?~! BankNotFound
_ <- booleanToBox(
hasEntitlement(bank.bankId.value, u.userId, canCreateBranch) == true
||
hasEntitlement("", u.userId, canCreateBranchAtAnyBank) == true
, createBranchEntitlementsRequiredText
)
_ <- NewStyle.function.hasAllEntitlements(bank.bankId.value, u.userId, canCreateBranch::Nil, canCreateBranchAtAnyBank::Nil, cc.callContext)
branchJsonV300 <- tryo {json.extract[BranchJsonV300]} ?~! {ErrorMessages.InvalidJsonFormat + " BranchJsonV300"}
_ <- booleanToBox(branchJsonV300.bank_id == bank.bankId.value, "BANK_ID has to be the same in the URL and Body")
branch <- transformToBranchFromV300(branchJsonV300) ?~! {ErrorMessages.CouldNotTransformJsonToInternalModel + " Branch"}
@ -1111,7 +1104,7 @@ trait APIMethods300 {
for {
u <- cc.user ?~!ErrorMessages.UserNotLoggedIn
(bank, _) <- BankX(bankId, Some(cc)) ?~! BankNotFound
_ <- booleanToBox(hasEntitlement(bank.bankId.value, u.userId, canUpdateBranch) == true, s"$UserHasMissingRoles $canUpdateBranch")
_ <- NewStyle.function.ownEntitlement(bank.bankId.value, u.userId, canUpdateBranch, cc.callContext)
postBranchJsonV300 <- tryo {json.extract[PostBranchJsonV300]} ?~! {ErrorMessages.InvalidJsonFormat + PostBranchJsonV300.toString()}
branchJsonV300 = BranchJsonV300(
id = branchId.value,
@ -1142,8 +1135,6 @@ trait APIMethods300 {
val createAtmEntitlementsRequiredForSpecificBank = canCreateAtm :: Nil
val createAtmEntitlementsRequiredForAnyBank = canCreateAtmAtAnyBank :: Nil
val createAtmEntitlementsRequiredText = UserHasMissingRoles + createAtmEntitlementsRequiredForSpecificBank.mkString(" and ") + " OR " + createAtmEntitlementsRequiredForAnyBank.mkString(" and ")
resourceDocs += ResourceDoc(
createAtm,
implementedInApiVersion,
@ -1176,11 +1167,8 @@ trait APIMethods300 {
for {
u <- cc.user ?~!ErrorMessages.UserNotLoggedIn
(bank, _) <- BankX(bankId, Some(cc)) ?~! BankNotFound
_ <- booleanToBox(hasAllEntitlements(bank.bankId.value, u.userId, createAtmEntitlementsRequiredForSpecificBank) == true
||
hasAllEntitlements("", u.userId, createAtmEntitlementsRequiredForAnyBank),
createAtmEntitlementsRequiredText)
atmJson <- tryo {json.extract[AtmJsonV300]} ?~! ErrorMessages.InvalidJsonFormat
_ <- NewStyle.function.hasAllEntitlements(bank.bankId.value, u.userId, createAtmEntitlementsRequiredForSpecificBank, createAtmEntitlementsRequiredForAnyBank, cc.callContext)
atmJson <- tryo {json.extract[AtmJsonV300]} ?~! ErrorMessages.InvalidJsonFormat
atm <- transformToAtmFromV300(atmJson) ?~! {ErrorMessages.CouldNotTransformJsonToInternalModel + " Atm"}
_ <- booleanToBox(atmJson.bank_id == bank.bankId.value, "BANK_ID has to be the same in the URL and Body")
success <- Connector.connector.vend.createOrUpdateAtm(atm)
@ -1873,7 +1861,7 @@ trait APIMethods300 {
val allowedEntitlementsTxt = allowedEntitlements.mkString(" or ")
for {
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + allowedEntitlementsTxt)("", u.userId, allowedEntitlements)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + allowedEntitlementsTxt)("", u.userId, allowedEntitlements, callContext)
entitlementRequests <- NewStyle.function.getEntitlementRequestsFuture(callContext)
} yield {
(JSONFactory300.createEntitlementRequestsJSON(entitlementRequests), HttpCode.`200`(callContext))
@ -1912,7 +1900,7 @@ trait APIMethods300 {
val allowedEntitlementsTxt = allowedEntitlements.mkString(" or ")
for {
(Full(authorizedUser), callContext) <- authenticatedAccess(cc)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + allowedEntitlementsTxt)("", authorizedUser.userId, allowedEntitlements)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + allowedEntitlementsTxt)("", authorizedUser.userId, allowedEntitlements, callContext)
entitlementRequests <- NewStyle.function.getEntitlementRequestsFuture(userId, callContext)
} yield {
(JSONFactory300.createEntitlementRequestsJSON(entitlementRequests), HttpCode.`200`(callContext))
@ -1986,7 +1974,7 @@ trait APIMethods300 {
val allowedEntitlementsTxt = UserHasMissingRoles + allowedEntitlements.mkString(" or ")
for {
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = allowedEntitlementsTxt)("", u.userId, allowedEntitlements)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = allowedEntitlementsTxt)("", u.userId, allowedEntitlements, callContext)
deleteEntitlementRequest <- EntitlementRequest.entitlementRequest.vend.deleteEntitlementRequestFuture(entitlementRequestId) map {
connectorEmptyResponse(_, callContext)
}
@ -2254,7 +2242,7 @@ trait APIMethods300 {
allowedEntitlements = canCreateScopeAtOneBank :: canCreateScopeAtAnyBank :: Nil
allowedEntitlementsTxt = s"$UserHasMissingRoles ${allowedEntitlements.mkString(", ")}!"
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = allowedEntitlementsTxt)(postedData.bank_id, u.userId, allowedEntitlements)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = allowedEntitlementsTxt)(postedData.bank_id, u.userId, allowedEntitlements, callContext)
_ <- Helper.booleanToFuture(failMsg = BankNotFound) {
postedData.bank_id.nonEmpty == false || BankX(BankId(postedData.bank_id), callContext).map(_._1).isEmpty == false
@ -2299,7 +2287,7 @@ trait APIMethods300 {
consumer <- Future{callContext.get.consumer} map {
x => unboxFullOrFail(x, callContext, InvalidConsumerCredentials)
}
_ <- Future {hasEntitlementAndScope("", u.userId, consumer.id.get.toString, canDeleteScopeAtAnyBank)} map ( fullBoxOrException(_))
_ <- Future {NewStyle.function.hasEntitlementAndScope("", u.userId, consumer.id.get.toString, canDeleteScopeAtAnyBank, callContext)} map ( fullBoxOrException(_))
scope <- Future{ Scope.scope.vend.getScopeById(scopeId) ?~! ScopeNotFound } map {
val msg = s"$ScopeNotFound Current Value is $scopeId"
x => unboxFullOrFail(x, callContext, msg)
@ -2337,7 +2325,7 @@ trait APIMethods300 {
consumer <- Future{callContext.get.consumer} map {
x => unboxFullOrFail(x , callContext, InvalidConsumerCredentials)
}
_ <- Future {hasEntitlementAndScope("", u.userId, consumer.id.get.toString, canGetEntitlementsForAnyUserAtAnyBank)} flatMap {unboxFullAndWrapIntoFuture(_)}
_ <- Future {NewStyle.function.hasEntitlementAndScope("", u.userId, consumer.id.get.toString, canGetEntitlementsForAnyUserAtAnyBank, callContext)} flatMap {unboxFullAndWrapIntoFuture(_)}
scopes <- Future { Scope.scope.vend.getScopesByConsumerId(consumerId)} map { unboxFull(_) }
} yield
(JSONFactory300.createScopeJSONs(scopes), HttpCode.`200`(callContext))
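Review bot: The new `hasAllEntitlements` and `ownEntitlement` calls in the createBranch, updateBranch and createAtm hunks pass `cc.callContext`, while the line before each, `(bank, _) <- BankX(bankId, Some(cc))`, discards the call context BankX returns; if BankX enriches it (the `(bank, callContext)` binding used in the 220 section suggests it may), binding it as `callContext` and passing that keeps the context chain intact. Removing `createBranchEntitlementsRequiredText` also moves the "role at this bank OR role at any bank" wording into the helper; worth confirming its failure message still names both alternatives, since API clients read it to learn which role to request. The enclosing for-comprehensions continue outside the hunks.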


@ -1214,7 +1214,7 @@ trait APIMethods310 {
for {
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- NewStyle.function.hasAtLeastOneEntitlement(bankId.value, u.userId, canCreateCustomer :: canCreateCustomerAtAnyBank :: Nil)
_ <- NewStyle.function.hasAtLeastOneEntitlement(bankId.value, u.userId, canCreateCustomer :: canCreateCustomerAtAnyBank :: Nil, callContext)
(_, callContext) <- NewStyle.function.getBank(bankId, callContext)
failMsg = s"$InvalidJsonFormat The Json body should be the $PostCustomerJsonV310 "
@ -1688,9 +1688,7 @@ trait APIMethods310 {
cc =>
for {
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- Helper.booleanToFuture(failMsg = UserHasMissingRoles + CanGetEntitlementsForAnyUserAtAnyBank) {
hasEntitlement("", u.userId, canGetEntitlementsForAnyUserAtAnyBank)
}
_ <- NewStyle.function.hasEntitlement("", u.userId, canGetEntitlementsForAnyUserAtAnyBank, callContext)
roleName = APIUtil.getHttpRequestUrlParam(cc.url, "role")
entitlements <- Entitlement.entitlement.vend.getEntitlementsByRoleFuture(roleName) map {
connectorEmptyResponse(_, callContext)
@ -2482,7 +2480,7 @@ trait APIMethods310 {
cc =>
for {
(Full(u), callContext) <- authenticatedAccess(cc)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = createProductEntitlementsRequiredText)(bankId.value, u.userId, createProductEntitlements)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = createProductEntitlementsRequiredText)(bankId.value, u.userId, createProductEntitlements, callContext)
(_, callContext) <- NewStyle.function.getBank(bankId, callContext)
failMsg = s"$InvalidJsonFormat The Json body should be the $PostPutProductJsonV310 "
product <- NewStyle.function.tryons(failMsg, 400, callContext) {
@ -3013,7 +3011,7 @@ trait APIMethods310 {
allowedEntitlements = canDeleteBranch ::canDeleteBranchAtAnyBank:: Nil
allowedEntitlementsTxt = allowedEntitlements.mkString(" or ")
(bank, callContext) <- NewStyle.function.getBank(bankId, callContext)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + allowedEntitlementsTxt)(bankId.value, u.userId, allowedEntitlements)
_ <- NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + allowedEntitlementsTxt)(bankId.value, u.userId, allowedEntitlements, callContext)
(branch, callContext) <- NewStyle.function.getBranch(bankId, branchId, callContext)
(result, callContext) <- NewStyle.function.deleteBranch(branch, callContext)
} yield {
@ -5360,9 +5358,9 @@ trait APIMethods310 {
_ <- Helper.booleanToFuture(InvalidAccountIdFormat){
isValidID(accountId.value)
}
_ <- Helper.booleanToFuture(s"${UserHasMissingRoles} $canCreateAccount or create account for self") {
hasEntitlement(bankId.value, loggedInUserId, canCreateAccount) || userIdAccountOwner == loggedInUserId
}
_ <- if (userIdAccountOwner == loggedInUserId) Future.successful(Full(Unit))
else NewStyle.function.hasEntitlement(bankId.value, loggedInUserId, canCreateAccount, callContext, s"${UserHasMissingRoles} $canCreateAccount or create account for self")
initialBalanceAsString = createAccountJson.balance.amount
accountType = createAccountJson.product_code
accountLabel = createAccountJson.label
@ -5908,8 +5906,8 @@ trait APIMethods310 {
json.extract[PutEnabledJSON]
}
_ <- putData.enabled match {
case true => Helper.booleanToFuture(UserHasMissingRoles + CanEnableConsumers)(hasEntitlement("", u.userId, ApiRole.canEnableConsumers))
case false => Helper.booleanToFuture(UserHasMissingRoles + CanDisableConsumers)(hasEntitlement("", u.userId, ApiRole.canDisableConsumers))
case true => NewStyle.function.hasEntitlement("", u.userId, ApiRole.canEnableConsumers, callContext)
case false => NewStyle.function.hasEntitlement("", u.userId, ApiRole.canDisableConsumers, callContext)
}
consumer <- NewStyle.function.getConsumerByConsumerId(consumerId, callContext)
updatedConsumer <- Future {
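Review bot: In the deleteBranch hunk the role check `NewStyle.function.hasAtLeastOneEntitlement(failMsg = UserHasMissingRoles + allowedEntitlementsTxt)(bankId.value, u.userId, allowedEntitlements, callContext)` runs after `(bank, callContext) <- NewStyle.function.getBank(bankId, callContext)`, so a caller holding neither role still learns whether `bankId` exists from the (presumably different) error that getBank raises. Swapping the two lines so the entitlement check precedes `getBank` removes that probe, and it is the order the createProduct hunk in this section already uses. The surrounding for-comprehension continues outside the hunk.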


@ -233,9 +233,10 @@ trait APIMethods400 {
loggedInUserId = cc.userId
userIdAccountOwner = if (createAccountJson.user_id.nonEmpty) createAccountJson.user_id else loggedInUserId
(postedOrLoggedInUser,callContext) <- NewStyle.function.findByUserId(userIdAccountOwner, cc.callContext)
_ <- Helper.booleanToFuture(s"$UserHasMissingRoles $canCreateSettlementAccountAtOneBank") {
hasEntitlement(bankId.value, loggedInUserId, canCreateSettlementAccountAtOneBank) || userIdAccountOwner == loggedInUserId
}
_ <- if (userIdAccountOwner == loggedInUserId) Future.successful(Full(Unit))
else NewStyle.function.hasEntitlement(bankId.value, loggedInUserId, canCreateSettlementAccountAtOneBank, callContext)
initialBalanceAsString = createAccountJson.balance.amount
accountLabel = createAccountJson.label
initialBalanceAsNumber <- NewStyle.function.tryons(InvalidAccountInitialBalance, 400, callContext) {
@ -325,9 +326,8 @@ trait APIMethods400 {
case "banks" :: BankId(bankId) :: "settlement-accounts" :: Nil JsonGet _ => {
cc =>
for {
_ <- Helper.booleanToFuture(s"$UserHasMissingRoles $canGetSettlementAccountAtOneBank") {
hasEntitlement(bankId.value, cc.userId, canGetSettlementAccountAtOneBank)
}
_ <- NewStyle.function.hasEntitlement(bankId.value, cc.userId, canGetSettlementAccountAtOneBank, cc.callContext)
(accounts, callContext) <- NewStyle.function.getBankSettlementAccounts(bankId, cc.callContext)
settlementAccounts <- Future.sequence(accounts.map(account => {
NewStyle.function.getAccountAttributesByAccount(bankId, account.accountId, callContext).map(accountAttributes =>
@ -662,10 +662,8 @@ trait APIMethods400 {
account = BankIdAccountId(bankId, accountId)
_ <- NewStyle.function.checkAuthorisationToCreateTransactionRequest(viewId, account, u, callContext)
_ <- Helper.booleanToFuture(InsufficientAuthorisationToCreateTransactionRequest) {
u.hasOwnerViewAccess(BankIdAccountId(bankId, accountId)) ||
hasEntitlement(bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest)
}
_ <- if (u.hasOwnerViewAccess(BankIdAccountId(bankId, accountId))) Future.successful(Full(Unit))
else NewStyle.function.hasEntitlement(bankId.value, u.userId, ApiRole.canCreateAnyTransactionRequest, callContext, InsufficientAuthorisationToCreateTransactionRequest)
_ <- Helper.booleanToFuture(s"${InvalidTransactionRequestType}: '${transactionRequestType.value}'") {
APIUtil.getPropsValue("transactionRequests_supported_types", "").split(",").contains(transactionRequestType.value)
@ -2103,9 +2101,10 @@ trait APIMethods400 {
loggedInUserId = cc.userId
userIdAccountOwner = if (createAccountJson.user_id.nonEmpty) createAccountJson.user_id else loggedInUserId
(postedOrLoggedInUser,callContext) <- NewStyle.function.findByUserId(userIdAccountOwner, cc.callContext)
_ <- Helper.booleanToFuture(s"${UserHasMissingRoles} $canCreateAccount or create account for self") {
hasEntitlement(bankId.value, loggedInUserId, canCreateAccount) || userIdAccountOwner == loggedInUserId
}
_ <- if (userIdAccountOwner == loggedInUserId) Future.successful(Full(Unit))
else NewStyle.function.hasEntitlement(bankId.value, loggedInUserId, canCreateAccount, callContext, s"${UserHasMissingRoles} $canCreateAccount or create account for self")
initialBalanceAsString = createAccountJson.balance.amount
//Note: here we map the product_code to account_type
accountType = createAccountJson.product_code
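Review bot: In the transaction-request hunk, `u.hasOwnerViewAccess(BankIdAccountId(bankId, accountId))` rebuilds the value already bound as `account` two lines earlier; `if (u.hasOwnerViewAccess(account)) Future.successful(Full(())) else NewStyle.function.hasEntitlement(...)` reuses it and wraps the unit value rather than the `scala.Unit` companion object. The settlement-account hunk drops the old `s"$UserHasMissingRoles $canCreateSettlementAccountAtOneBank"` message while the createAccount hunk below keeps its custom text as a trailing argument; if `hasEntitlement`'s default message differs, clients of that endpoint now see a changed error body, so either pass the message explicitly or note the change. The enclosing for-comprehensions continue outside the hunks.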


@ -50,7 +50,7 @@ class TransactionRequestsTest extends V200ServerSetup with DefaultUsers {
addEntitlement(bankId.value, resourceUser3.userId, CanCreateAnyTransactionRequest.toString)
Then("We add entitlement to user3")
val hasEntitlement = code.api.util.APIUtil.hasEntitlement(bankId.value, resourceUser3.userId, canCreateAnyTransactionRequest)
val hasEntitlement = APIUtil.hasEntitlement(bankId.value, resourceUser3.userId, canCreateAnyTransactionRequest)
hasEntitlement should equal(true)
def getFromAccount: BankAccount = {
@ -386,7 +386,7 @@ class TransactionRequestsTest extends V200ServerSetup with DefaultUsers {
addEntitlement(bankId2.value, resourceUser3.userId, CanCreateAnyTransactionRequest.toString)
Then("We add entitlement to user3")
val hasEntitlement = code.api.util.APIUtil.hasEntitlement(bankId2.value, resourceUser3.userId, canCreateAnyTransactionRequest)
val hasEntitlement = APIUtil.hasEntitlement(bankId2.value, resourceUser3.userId, canCreateAnyTransactionRequest)
hasEntitlement should equal(true)
def getFromAccount: BankAccount = {


@ -1,7 +1,7 @@
package code.api.v2_1_0
import code.api.util.APIUtil.OAuth._
import code.api.util.ApiRole
import code.api.util.{APIUtil, ApiRole}
import code.api.util.ApiRole.{CanCreateBranch, CanUpdateBranch}
import code.api.v1_4_0.JSONFactory1_4_0._
import code.setup.DefaultUsers
@ -38,7 +38,7 @@ class CreateBranchTest extends V210ServerSetup with DefaultUsers {
Then("We add entitlement to user1")
addEntitlement(bankId.value, resourceUser1.userId, CanUpdateBranch.toString)
val hasEntitlement = code.api.util.APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canUpdateBranch)
val hasEntitlement = APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canUpdateBranch)
hasEntitlement should equal(true)
When("We make the request Update Branch for an account")
@ -63,7 +63,7 @@ class CreateBranchTest extends V210ServerSetup with DefaultUsers {
Then("We add entitlement to user1")
addEntitlement(bankId.value, resourceUser1.userId, CanUpdateBranch.toString)
val hasEntitlement = code.api.util.APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canUpdateBranch)
val hasEntitlement = APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canUpdateBranch)
hasEntitlement should equal(true)
When("We make the request Update Branch for an account")
@ -105,7 +105,7 @@ class CreateBranchTest extends V210ServerSetup with DefaultUsers {
Then("We add entitlement to user1")
addEntitlement(bankId.value, resourceUser1.userId, CanCreateBranch.toString)
val hasEntitlement = code.api.util.APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canCreateBranch)
val hasEntitlement = APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canCreateBranch)
hasEntitlement should equal(true)
@ -134,7 +134,7 @@ class CreateBranchTest extends V210ServerSetup with DefaultUsers {
Then("We add `CanCreateBranch`entitlement to user1")
addEntitlement(bankId.value, resourceUser1.userId, CanCreateBranch.toString)
val hasEntitlement = code.api.util.APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canCreateBranch)
val hasEntitlement = APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canCreateBranch)
hasEntitlement should equal(true)
When("We make the request Update Branch for an account")
@ -149,7 +149,7 @@ class CreateBranchTest extends V210ServerSetup with DefaultUsers {
Then("We add `CanCreateBranch`entitlement to user1")
addEntitlement(bankId.value, resourceUser1.userId, CanUpdateBranch.toString)
val hasCanUpdateBranchEntitlement = code.api.util.APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canUpdateBranch)
val hasCanUpdateBranchEntitlement = APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canUpdateBranch)
hasCanUpdateBranchEntitlement should equal(true)
requestPost = (v2_1Request / "banks" / bankId.value / "branches" / branchId.value ).PUT <@ (user1)


@ -2,7 +2,7 @@ package code.api.v2_1_0
import code.api.ResourceDocs1_4_0.SwaggerDefinitionsJSON.postPhysicalCardJSON
import code.api.util.APIUtil.OAuth._
import code.api.util.ApiRole
import code.api.util.{APIUtil, ApiRole}
import code.api.util.ApiRole.CanCreateCardsForBank
import code.api.v1_3_0.PhysicalCardJSON
import code.setup.DefaultUsers
@ -21,7 +21,7 @@ class CreateCreditCardTest extends V210ServerSetup with DefaultUsers {
Then("We add entitlement to user1")
addEntitlement(bankId.value, resourceUser1.userId, CanCreateCardsForBank.toString)
val hasEntitlement = code.api.util.APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canCreateCardsForBank)
val hasEntitlement = APIUtil.hasEntitlement(bankId.value, resourceUser1.userId, ApiRole.canCreateCardsForBank)
hasEntitlement should equal(true)
When("We make the request Create Credit Card")


@ -2,7 +2,7 @@ package code.api.v2_1_0
import code.api.util.APIUtil.OAuth._
import code.api.util.ApiRole.CanCreateTransactionType
import code.api.util.{ApiRole, ErrorMessages}
import code.api.util.{APIUtil, ApiRole, ErrorMessages}
import code.api.v2_0_0.{TransactionTypeJsonV200, TransactionTypesJsonV200}
import code.api.v2_2_0.OBPAPI2_2_0.Implementations2_0_0
import code.setup.DefaultUsers
@ -153,7 +153,7 @@ class CreateTransactionTypeTest extends V210ServerSetup with DefaultUsers {
def setCanCreateTransactionType: Unit = {
addEntitlement(testBankId1.value, resourceUser1.userId, CanCreateTransactionType.toString)
Then("We add entitlement to user1")
val hasEntitlement = code.api.util.APIUtil.hasEntitlement(testBankId1.value, resourceUser1.userId, ApiRole.canCreateTransactionType)
val hasEntitlement = APIUtil.hasEntitlement(testBankId1.value, resourceUser1.userId, ApiRole.canCreateTransactionType)
hasEntitlement should equal(true)
}
}


@ -1,7 +1,7 @@
package code.api.v2_1_0
import code.api.util.APIUtil.OAuth._
import code.api.util.ApiRole
import code.api.util.{APIUtil, ApiRole}
import code.api.util.ApiRole.CanUpdateConsumerRedirectUrl
import code.api.util.ErrorMessages.{UserHasMissingRoles, UserNoPermissionUpdateConsumer}
import code.setup.DefaultUsers
@ -44,7 +44,7 @@ class UpdateConsumerRedirectUrlTest extends V210ServerSetup with DefaultUsers {
Then("We add entitlement to user2")
addEntitlement("", resourceUser2.userId, CanUpdateConsumerRedirectUrl.toString)
val hasEntitlement = code.api.util.APIUtil.hasEntitlement("", resourceUser2.userId, ApiRole.canUpdateConsumerRedirectUrl)
val hasEntitlement = APIUtil.hasEntitlement("", resourceUser2.userId, ApiRole.canUpdateConsumerRedirectUrl)
hasEntitlement should equal(true)
When("We make the request Update Redirect Url for a Consumer")
@ -66,7 +66,7 @@ class UpdateConsumerRedirectUrlTest extends V210ServerSetup with DefaultUsers {
Then("We add entitlement to user1")
addEntitlement("", resourceUser1.userId, CanUpdateConsumerRedirectUrl.toString)
val hasEntitlement = code.api.util.APIUtil.hasEntitlement("", resourceUser1.userId, ApiRole.canUpdateConsumerRedirectUrl)
val hasEntitlement = APIUtil.hasEntitlement("", resourceUser1.userId, ApiRole.canUpdateConsumerRedirectUrl)
hasEntitlement should equal(true)
When("We make the request Update Redirect Url for a Consumer")